BeNeLux OWASP Day 2016 - Revision history

Dm-17 at 19:40, 29 September 2016

2016-09-29T19:40:00Z

Knoblochmartin: /* Agenda */ added slides "Experiences with Past-Monitoring"

2016-03-23T10:04:24Z

‎Agenda: added slides "Experiences with Past-Monitoring"

Knoblochmartin: /* Agenda */

2016-03-21T13:50:51Z

‎Agenda

Knoblochmartin: /* Agenda */ added link to TopTen privacy risks slides

2016-03-21T12:31:09Z

‎Agenda: added link to TopTen privacy risks slides

Knoblochmartin: /* Agenda */ added slides SKF and LangSec..

2016-03-20T19:04:32Z

‎Agenda: added slides SKF and LangSec..

Knoblochmartin: /* Agenda */

2016-03-20T11:22:13Z

‎Agenda

Knoblochmartin: /* Speakers */

2016-03-19T16:12:11Z

‎Speakers

Knoblochmartin: /* Challenges in Android Malware Detection */

2016-03-19T16:11:02Z

‎Challenges in Android Malware Detection

Knoblochmartin: /* Talks */

2016-03-19T16:10:36Z

‎Talks

Knoblochmartin at 16:07, 19 March 2016

2016-03-19T16:07:59Z

@@ Line 6: / Line 6: @@
 <!-- First tab -->
 = Information  =
 == OWASP BeNeLux Announcement  ==

@@ Line 313: / Line 313: @@
 | 16h30 - 17h15 || [[BeNeLux_OWASP_Day_2016#Michael_Hamm | Michael Hamm]]
 || [[BeNeLux_OWASP_Day_2016#Experiences_with_Paste-Monitoring |Experiences with Paste-Monitoring]]
-||
+|| [[Media:OWASPBNL_Experiences_with_Paste-Monitoring.pdf | Download PDF ]]
 |-
 | 17h15 - 17h30 || OWASP Benelux 2016 organization || '''Closing Notes'''

@@ Line 302: / Line 302: @@
 | 14h30 - 15h15 || [[BeNeLux_OWASP_Day_2016#Kevin_Allix |Kevin Allix]]
 || [[BeNeLux_OWASP_Day_2016#Challenges_in_Android_Malware_Detection | Challenges in Android Malware Detection]]
-||
+|| [[Media:OWASPBNL_Challenges_in_Android_Malware_Detection.pdf | Download PDF]]
 |-
 | 15h15 - 15h45

@@ Line 280: / Line 280: @@
 | 10h00 - 10h45 || [[BeNeLux_OWASP_Day_2016#Stefan_Burgmair |Stefan Burgmair]]
 || [[BeNeLux_OWASP_Day_2016#OWASP_Top_10_Privacy_Risks | OWASP Top 10 Privacy Risks]]
-|| [[OWASP_Top_10_Privacy_Risks_Project | project website]]
+|| [[Media:OWASPBNL_OWASP_Top_10_Privacy_Risks.pdf| Download PDF]] <br> [[OWASP_Top_10_Privacy_Risks_Project | project website]]
 |-
 | 10h45 - 11h15

@@ Line 268: / Line 268: @@
 {| class="wikitable"
 ! width="120pt" | Time
-! width="180pt" | Speaker !! Topic
+! width="190pt" | Speaker !! Topic
-! width="160pt" | Presentation
+! width="140pt" | Presentation
 |-
 | 08h30 - 09h10
@@ Line 287: / Line 287: @@
 | 11h15 - 12h00 || [[BeNeLux_OWASP_Day_2016#Erik_Poll |Erik Poll]]
 || [[BeNeLux_OWASP_Day_2016#LangSec_meets_State_Machines | LangSec meets State Machines]]
-||
+|| [[Media:OWASPBNL_LangSec_meets_state_machines.pdf | Download PDF ]]
 |-
 | 12h00 - 12h45 || [[BeNeLux_OWASP_Day_2016#Arne_Swinnen |Arne Swinnen]]
@@ Line 298: / Line 298: @@
 | 13h45 - 14h30 || [[BeNeLux_OWASP_Day_2016#Glenn_Ten_Cate |Glenn Ten Cate]] & [[BeNeLux_OWASP_Day_2016#Riccardo_Ten_Cate | Riccardo Ten Cate ]]
 || [[BeNeLux_OWASP_Day_2016#OWASP_Security_Knowledge_Framework | OWASP Security Knowledge Framework (SKF)]]
-|| [[OWASP_Security_Knowledge_Framework | project website]]
+|| [[Media:OWASPBLN_SKF.pdf| Download PDF]] <br> [[OWASP_Security_Knowledge_Framework | project website]]
 |-
 | 14h30 - 15h15 || [[BeNeLux_OWASP_Day_2016#Kevin_Allix |Kevin Allix]]

@@ Line 378: / Line 378: @@
 Arne Swinnen is an IT Security Consultant at NVISO, a Belgian Cyber Security Consulting firm. Arne specializes in Application Security and Digital Forensics. He co-organized the first edition of the Cyber Security Challenge Belgium in 2015, a National cyber security competition designed exclusively for Belgian students.<br>
 Arne was a speaker at Black Hat USA and BruCON in 2014, presenting novel anti-virus detection and evasion techniques (“One Packer to Rule Them All”). Since 2015, he is also listed on Facebook’s Bug Bounty Half of Fame''.<br>
 === Glenn Ten Cate ===
@@ Line 394: / Line 389: @@
 === Kevin Allix ===
 After a Master degree obtained in 2007, Kevin Allix held operational positions for four years during which he deployed and ran network security equipments for dozens of customers, and built tools to help administrate one of the biggest french Video-on-Demand platform. In 2011, he joined the University of Luxembourg to start a PhD at the 'Centre for Security, Reliability and Trust'. He is now a Research Associate at SnT - uni.lu where he keeps focusing on Android malware detection.
 === Michael Hamm ===

@@ Line 357: / Line 357: @@
 === Challenges in Android Malware Detection ===
-''Abstract:'' What is the state of Malware detection for Android? This talk will present a landscape of Android Malware and techniques used to (try and) detect Malware, with a focus on the limitations of the state-of-the-art detection methods.
+What is the state of Malware detection for Android? This talk will present a landscape of Android Malware and techniques used to (try and) detect Malware, with a focus on the limitations of the state-of-the-art detection methods.
 === Serial Killer: Silently Pwning your Java Endpoints ===

@@ Line 339: / Line 339: @@
 All vulnerabilities were disclosed responsibly via Facebook’s Public Bug Bounty program over the course of 2015 and 2016, and will be discussed in detail. Required advanced Mobile Security attack techniques for this Research, such as Binary Modification, Dynamic Hooking and Burp Suite Plugin Development will be covered, among other trickery.<br>
 The most interesting vulnerabilities were hybrid: Combinations of complementary vulnerabilities in different environments (e.g. Web and Mobile). All identified issues’ root causes will be mapped onto the Software Development Life Cycle (SDLC), to analyze where they could have been prevented from materializing. Last but not least, the monetary rewards offered by Facebook for each vulnerability and general Bug Bounty Hunting advice will be shared with the community.
 === [[OWASP_Security_Knowledge_Framework | OWASP Security Knowledge Framework]] ===
@@ Line 364: / Line 355: @@
 <li>Code examples for secure coding</li>
 </ul>
 == Speakers ==
 === Julie Gommes===

@@ Line 296: / Line 296: @@
 | colspan="3" style="text-align: center;background: grey; color: white" | ''Lunch''
 |-
-| 13h45 - 14h30 || [[BeNeLux_OWASP_Day_2016#Glenn_Ten_Cate |Glenn Ten Cate]] & [[BeNeLux_OWASP_Day_2016#Riccardo_Ten_Cate | Riccardo Ten Cate ]]  ||[[BeNeLux_OWASP_Day_2016#OWASP_Secure_Knowledge_Framework | OWASP Secure Knowledge Framework (SKF)]]
+| 13h45 - 14h30 || [[BeNeLux_OWASP_Day_2016#Glenn_Ten_Cate |Glenn Ten Cate]] & [[BeNeLux_OWASP_Day_2016#Riccardo_Ten_Cate | Riccardo Ten Cate ]]
 ||
 |-
@@ Line 343: / Line 344: @@
 === Experiences with Paste-Monitoring ===
 Paste platforms like Pastebin.com provide the possibility to store and share text online. Often this kind of services are used by programmers but also abused by attackers to present their achievements. CIRCL acts as a fire brigade and monitor several of those paste platforms to early detect potential incidents and help the victims. The findings vary from lists of vulnerable or compromised websites, leaked credentials, database dumps, opportunistic announcements, stolen credit card details and many more. We will present the used techniques, and some key experiences with the findings and introduce the AIL framework - Framework for Analysis of Information Leaks. AIL is designed to analyse unstructured data and identify potential data leaks.
@@ Line 349: / Line 349: @@
 ''Abstract:'' What is the state of Malware detection for Android? This talk will present a landscape of Android Malware and techniques used to (try and) detect Malware, with a focus on the limitations of the state-of-the-art detection methods.
-=== [[OWASP_Security_Knowledge_Framework | Security knowledge framework]] ===
+=== [[OWASP_Security_Knowledge_Framework | OWASP Security Knowledge Framework]] ===
 Over 10 years of experience in web application security bundled into a single application. <br/>
 The Security Knowledge Framework is a vital asset to the coding toolkit of you and your development team. <br/>